Maintainers

Classifiers

Project description

================ Cheese Prism================

.. image:: https://secure.travis-ci.org/whitmo/CheesePrism.png

A simple application for managing a static python package index. Itborrows heavily from `BasketWeaver<https://github.com/binarydud/basket-weaver>`_ and `cheese_emporium<git@github.com:binarydud/cheese_emporium.git>`_. It leverages `pip<https://github.com/pypa/pip>`_ and setuptools/`distribute<http://pypi.python.org/pypi/distribute>`_ for various packagemanagement tasks.

Why?====

There are probably better options that are more actively maintained (devpi?).

Cheeseprism mainly excels at turning a folder full of tarballs intosomething you can pip install against. And the pip cache syncing ishandy.

Running=======

Dev---

Install~~~~~~~

There are 2 main ways to get your CheesePrism up and running dependingon your particular needs.

2. Pip install the package from pypi:

Activate your virtual env. Then either check out the code to your chosen location::

Use the prod.ini (edited for your setup) for simplest serving. Be sureto remove such things as ``pyramid.includes = pyramid_debugtoolbar``if security is a concern::

$ pserve prod.ini

Sane people use something like upstart or `supervisord <supervisord.org>`_ to manage this process.

.. todo: ini config generation script

How to use==========

Release into your index-----------------------

CheesePrism understand the upload interface of pypi. This means forpython2.6 and better you can setup your ``~/.pypirc`` and then upload toyour prism as you would `pypi <http://pypi.python.org/pypi>`_::

**Note**: The prism currently has the *most* basic support for pypi'sbasic auth scheme. This mainly exists for the purpose of grabbing theidentity of who puports to be uploading a package, rather than anyactual security. If you need more, it should provide a starting pointfor extension (see `pyramid documentation<http://docs.pylonsproject.org/en/latest/docs/pyramid.html>`_ for moreinformation on extending pyramid apps).

Install from your index-----------------------

**Now** your package is available for install from your prism::

$ pip install -i http://mycheese/index/ MyAwesomePyPkg

All dependencies of ``MyAwesomePyPkg`` will also come from your prism,so make sure they are there (coming feature will inspect your releaseand do the needful).

Files may be added to the index from pypi via a not so RESTful interface that will soon go away. Provided ``name`` and ``version`` exist in PyPi, the following will download the file from pypi and register it with the index::

$ curl GET http://mycheese/package/{name}/{version}

Advance Feature Configuration=============================

Cheeseprism has a few knobs that might help adapt it to your usecase.

Pip cache syncing-----------------

Occasionally we find ourself needing to populate a virtualenv andlacking network access. Cheeseprism includes an optional that will,upon starting cheeseprism, copy and index all packages in your`PIP_DOWNLOAD_CACHE` folder, thus making them available toinstall. Add this line to your ini::

Use directory listing in nginx renderers has some advantages overusing the Cheeseprism generated index (byte counts, see all the files,etc, faster index updating). This configuration option tellsCheesePrism to skip creating the index.html::

cheeseprism.write_index_html = false

Future======

Really, the future is likely an different pypi mirror like devpi.

Some features we thought about implementing:

* **Multi-index support**: The general idea is that you can evolve indexes rather like requirements files but by explicit limiting of membership in a group rather than specification that requires talking to an external index. One archive might exist in multiple indexes (but always serve from same location to preserve pip caching).

This would include a ui for select member archives to compose an new index as well as cloning and extending an existing index.

* **Less crap work**: automatic dependency loading for releases and packages loaded via find packages. A file watcher for the repo that rebuilds the appropriate parts of the index when files are added and removed.

* **Better readonly api**: versions.json for each package with the data in index.json provided in a more easily consumable fashion.

* **Better REST**: Make ``POST /packages/{name}/{version}`` to grab a package from PyPi. Make ``GET /packages/{name}/{version}`` provide data about the package and indicate whether the package current lives in index or not.

* **Proper sphinx documentation**: yup.

Contact / Wanna get involved?=============================

Pull requests welcome!

I'm on freenode at *#pyramid*, ``whit`` most days if you havequestions or comments.